Delete control socket when the server exits.
authorAlan T. DeKok <aland@freeradius.org>
Mon, 26 Jul 2010 11:30:56 +0000 (13:30 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 26 Jul 2010 13:53:35 +0000 (15:53 +0200)
This prevents permission errors

src/main/command.c
src/main/listen.c
src/main/mainconfig.c

index 60afa5c..03e9cf0 100644 (file)
@@ -191,17 +191,30 @@ static int fr_server_domain_socket(const char *path)
                }
 
                /*
-                *      Refuse to open sockets not owned by us.
+                *      In daemon mode, check the ownership.  If in
+                *      debug mode, ignore ownership if we're root.
                 */
-               if (buf.st_uid != geteuid()) {
-                       radlog(L_ERR, "We do not own %s", path);
-                       return -1;
-               }
-
-               if (unlink(path) < 0) {
-                       radlog(L_ERR, "Failed to delete %s: %s",
-                              path, strerror(errno));
-                       return -1;
+               if ((debug_flag == 0) || (geteuid() != 0)) {
+                   
+                       /*
+                        *      Refuse to open sockets not owned by us.
+                        */
+                       if (buf.st_uid != geteuid()) {
+                               radlog(L_ERR, "We do not own %s", path);
+                               return -1;
+                       }
+                       
+                       /*
+                        *      In debug mode as root, leave the file
+                        *      there.  Otherwise, it will be owned by
+                        *      "root", which makes it difficult to
+                        *      open the file as user "radiusd".
+                        */                      
+                       if (unlink(path) < 0) {
+                               radlog(L_ERR, "Failed to delete %s: %s",
+                                      path, strerror(errno));
+                               return -1;
+                       }
                }
        }
 
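Review bot: When the server runs as root in debug mode, the new `if ((debug_flag == 0) || (geteuid() != 0))` skips both the `buf.st_uid != geteuid()` test and the `unlink(path)`, so a file that any local user left at `path` is accepted without an ownership check. What the function then does with that path is outside the hunk, so the impact cannot be confirmed from here. That branch would be safer if it still rejected owners other than root or the configured server user. Separately, the comment starting "In debug mode as root, leave the file there" sits directly above the `unlink()` in the branch that does delete the file. It describes the skipped case and would read correctly on the outer `if` or in an `else`.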
@@ -2334,6 +2347,17 @@ static int command_domain_accept(rad_listen_t *listener,
 
 
 /*
+ *     Delete the socket for safety.  If the server isn't running,
+ *     the socket shouldn't exist.
+ */
+static void command_socket_free(rad_listen_t *listener)
+{
+       fr_command_socket_t *sock = listener->data;
+
+       if (sock->path) unlink(sock->path);
+}
+
+/*
  *     Send an authentication response packet
  */
 static int command_domain_send(UNUSED rad_listen_t *listener,
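Review bot: `command_socket_free()` discards the result of `unlink(sock->path)`, so a failed delete leaves the stale socket behind with no diagnostic. That could happen if the server has dropped privileges by the time it exits and can no longer write to the socket's directory, which is the situation the commit message is trying to prevent. Logging the failure in the style already used in `fr_server_domain_socket()` would make it visible: `if (sock->path && (unlink(sock->path) < 0) && (errno != ENOENT)) radlog(L_ERR, "Failed to delete %s: %s", sock->path, strerror(errno));`. The function also dereferences `listener->data` without a NULL check. Whether the free callback can be reached for a listener whose parse step failed is not visible here and should be confirmed.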
index 1c36953..530ed49 100644 (file)
@@ -1816,8 +1816,8 @@ static const rad_listen_master_t master_listen[RAD_LISTEN_MAX] = {
 #endif
 
 #ifdef WITH_COMMAND_SOCKET
-       /* TCP command socket */
-       { command_socket_parse, NULL,
+       /* Unix domain command socket */
+       { command_socket_parse, command_socket_free,
          command_domain_accept, command_domain_send,
          command_socket_print, command_socket_encode, command_socket_decode },
 #endif
index 7a7bf4b..b99923c 100644 (file)
@@ -256,6 +256,7 @@ static const CONF_PARSER bootstrap_config[] = {
        { "group",  PW_TYPE_STRING_PTR, 0, &gid_name, NULL },
 #endif
        { "chroot",  PW_TYPE_STRING_PTR, 0, &chroot_dir, NULL },
+       { "libdir",             PW_TYPE_STRING_PTR, 0, &radlib_dir,        "${prefix}/lib"},
        { "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" },
 
        { NULL, -1, 0, NULL, NULL }
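Review bot: The new `libdir` entry in `bootstrap_config[]` is unrelated to the control-socket cleanup named in the commit title, and nothing explains why it must be parsed at bootstrap time. Judging by the name, this path probably controls where the server loads libraries from, which makes it security-relevant; a one-line comment such as `/* needed before chroot/setuid so modules can be located */` (wording to be confirmed by the author) would record the intent. Its column alignment also differs from the neighbouring entries. The table starts outside the hunk.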
@@ -651,6 +652,7 @@ static int switch_users(CONF_SECTION *cs)
 #endif
 
        if (chroot_dir) {
+               DEBUG("Performing chroot to %s", chroot_dir);
                if (chroot(chroot_dir) < 0) {
                        fprintf(stderr, "%s: Failed to perform chroot %s: %s",
                                progname, chroot_dir, strerror(errno));
@@ -712,6 +714,8 @@ static int switch_users(CONF_SECTION *cs)
        if (uid_name) {
                doing_setuid = TRUE;
 
+               DEBUG("Switching to user %s group %s",
+                     uid_name, gid_name ? gid_name : "");
                fr_suid_down();
        }
 #endif
@@ -949,6 +953,7 @@ int read_mainconfig(int reload)
        }
 
        if (chroot_dir) {
+               DEBUG("Changing current working directory to %s", radlog_dir);
                if (chdir(radlog_dir) < 0) {
                        radlog(L_ERR, "Failed to 'chdir %s' after chroot: %s",
                               radlog_dir, strerror(errno));
@@ -976,6 +981,13 @@ int free_mainconfig(void)
        virtual_servers_free(0);
 
        /*
+        *      Close sockets before free'ing the configuration.  This
+        *      allows us to removed the control socket before
+        *      exiting.
+        */
+       listen_free(&mainconfig.listen);
+
+       /*
         *      Free all of the cached configurations.
         */
        for (cc = cs_cache; cc != NULL; cc = next) {
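Review bot: The added comment says the sockets are closed "before free'ing the configuration", but `listen_free(&mainconfig.listen)` is placed after `virtual_servers_free(0)`. If any listener free callback reads virtual-server data, it would now touch memory that has already been released. That is not visible in this hunk, so either confirm that no callback does so or move the call above `virtual_servers_free(0)`. The comment also has a typo: "allows us to removed" should read "allows us to remove". `free_mainconfig()` starts and ends outside the hunk.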
@@ -989,7 +1001,6 @@ int free_mainconfig(void)
         *      structures.
         */
        realms_free();
-       listen_free(&mainconfig.listen);
        dict_free();
 
        return 0;